
Item5480: TWiki::LoginManager::ApacheLogin doesn't work correctly with auth_kerb Apache module

Priority: Enhancement
Current State: Needs Developer
Released In: n/a
Target Release: n/a
Applies To: Engine
Component: LoginManager, Kerberos
Branches:
Reported By: TWiki:Main.AivoJurgenson
Waiting For:
Last Change By: GeorgeClark
When TWiki release 4.2 is used with TWiki::LoginManager::ApacheLogin and Apache is configured for Kerberos authentication (auth_kerb module), Apache gives the logged-in REMOTEUSER in the format 'username@realm'. TWiki expects REMOTEUSER to be in the format 'username'. There seem to be no configuration options to set this correctly.

The workaround is to patch the lib/TWiki/Users.pm file and simply strip the realm part of the REMOTEUSER variable. The patch is added to the report.

A cleaner solution would be to have a configuration option for the ApacheLogin module, which could perhaps specify a REMOTEUSER format.


I'll take a look at it, as I'm using email addresses as the login for a project I'm doing right now.

-- SvenDowideit - 28 Mar 2008

I don't understand why you need to strip off the realm. I'm using email addresses as is, and it seems to be working. All I needed to do is adjust the LoginName Filter to remove the @, and everything seems happy. Any chance you can confirm why you can't?

-- TWiki:Main.SvenDowideit - 31 Mar 2008

Right, I should have explained more. I need to map the users to an LDAP directory with LdapContrib as well. The right attribute to do that would be userPrincipalName, but unfortunately this attribute uses a different domain and doesn't match. E-mail addresses are in the long format (firstname.lastname@domain.com) and also do not match.

Which leaves me to patching the Users.pm

-- TWiki:Main.AivoJurgenson - 02 Apr 2008

Aha, that makes a lot more sense to me :) I have the vague feeling there are other ways to do it, but I need to ponder :)

Harald would do that change in LocalLib.cfg or something equally trixy (insert link here) - maybe we should write a howto/blog on that and see how it goes.

-- TWiki:Main.SvenDowideit - 03 Apr 2008

This issue might be connected to, or already solved by, http://develop.twiki.org/~twiki4/cgi-bin/view/Bugs/Item4771. There seems to be an attachment called KerberosLogin.pm, which seems to be a much cleaner solution.

-- TWiki:Main.AivoJurgenson - 11 Apr 2008

I am changing this to enhancement.

-- KennethLavrsen - 11 Jul 2010
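
A realm-stripping step of the kind the report describes, written here as an added example; it is not the attached Users.pm.patch.txt and not TWiki code. It strips the realm only when it is on an allow-list, so a principal from another realm is never mapped onto a local login of the same name. The helper name `normalize_remote_user`, the realm `EXAMPLE.COM` and the permitted login characters are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: realms whose principals may be mapped to local wiki logins.
# EXAMPLE.COM is a constructed placeholder, not a value from the report.
my %TRUSTED_REALM = map { $_ => 1 } qw(EXAMPLE.COM);

# Hypothetical helper: returns the bare login name, or undef when the value
# must not be mapped to a local user.
sub normalize_remote_user {
    my ($remote_user) = @_;
    return unless defined $remote_user && length $remote_user;

    # Accept exactly "name" or "name@REALM"; a second '@' fails the match.
    my ($name, $realm) = $remote_user =~ /\A([^@]+)(?:@([^@]+))?\z/
        or return;

    # Assumption: logins use only these characters. This also rejects
    # service principals such as HTTP/host@REALM, which contain '/'.
    return unless $name =~ /\A[A-Za-z0-9._-]+\z/;

    # A value without a realm passes through unchanged (other auth modules).
    return $name unless defined $realm;

    # Kerberos realm names are case-sensitive, so compare exactly.
    return $TRUSTED_REALM{$realm} ? $name : undef;
}

# Constructed sample values of the kind a Kerberos module can hand over.
my @samples = (
    'alice@EXAMPLE.COM',                  # trusted realm: realm stripped
    'alice',                              # already bare: unchanged
    'alice@OTHER.EXAMPLE',                # foreign realm: rejected
    'HTTP/wiki.example.com@EXAMPLE.COM',  # service principal: rejected
    'alice@x@EXAMPLE.COM',                # malformed: rejected
    '@EXAMPLE.COM',                       # empty name: rejected
);

for my $value (@samples) {
    my $login = normalize_remote_user($value);
    printf "%-36s -> %s\n", $value, defined $login ? $login : '(rejected)';
}
```

Only the first two sample values produce a login (`alice`); the remaining four are rejected instead of being collapsed onto an existing local account.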

SVN Range TWiki-5.0.0, Sun, 09 Mar 2008, build 16496
Attachment: Users.pm.patch.txt (656 bytes, 28 Mar 2008 - 09:30, AivoJurgenson), comment: workaround patch
Topic revision: r9 - 06 Jan 2015, GeorgeClark